Outline for April 1, 2004
- Basic components
- Confidentiality
- Integrity
- Availability
- Threats
- Snooping
- Modification
- Masquerading; contrast with delegation
- Repudiation of origin
- Denial of receipt
- Delay
- Denial of service
- Role of policy
- Example of student copying files from another
- Emphasize: policy defines security
- Distinguish between policy and mechanism
- Goals of security
- Prevention
- Detection
- Recovery
- Trust
- Hammer this home: all security rests on trust
- First problem: security mechanisms correctly implement security policy; walk through example of a program that logs you in; point out what is trusted
- Second problem: policy does what you want; define secure, precise
- Operational issues; change over time
- Cost-benefit analysis
- Risk analysis (comes into play in cost-benefit too)
- Laws and customs
- Human Factors
- Organizational problems
- People problems (include social engineering)
- Principles of Secure Design
- Refer to both designing secure systems and securing existing systems
- Speaks to limiting damage
- Principle of Least Privilege
- Give process only those privileges it needs
- Discuss use of roles; examples of systems which violate this (vanilla UNIX) and which maintain this (Secure Xenix)
- Examples in programming (making things setuid to root unnecessarily, limiting protection domain; modularity, robust programming)
- Example attacks (misuse of privileges, etc.)
- Principle of Fail-Safe Defaults
- Default is to deny
- Example of violation: su program
Here is a PDF version of this document.